MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf
SHA3-384 hash:	3bd5aa5de459593b014f4a8ecd91f918cac1ab4dda8cbdccb843b12921abf3edb9c7d4e0335fa6c9e68530e50312aaf8
SHA1 hash:	d0288cff95d3c612e6986b1342fd31ff068e93e3
MD5 hash:	b493ed4f28c3905c79cbcaab20e4a7da
humanhash:	burger-kansas-five-purple
File name:	f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	759'296 bytes
First seen:	2021-06-23 22:04:05 UTC
Last seen:	2021-06-23 22:39:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5665ce28f0324225cf65bc38430c6817 (1 x BazaLoader)
ssdeep	12288:jw+Bu0S0LSlfjdQp4qemfVofyqOpUiCS0sTjv19uYAh3evQS:s+5Kfap4qemfVv3CSzuYAh3ev
Threatray	26 similar samples on MalwareBazaar
TLSH	3DF48D51F2B486B5D07FD53AC9838A8AEB713850D73187CB1150E72E2F336E19E3A661
Reporter	Anonymous
Tags:	BazaLoader exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

104

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf

Verdict:

No threats detected

Analysis date:

2021-06-23 22:05:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0763ac04-5769-4a47-b99b-8856a7f47c25

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Trojan.Win64.Mozaakai.CEMTB.18003.31596.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

BazarBackdoor

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3b1f1619-977b-47b7-81c3-7216a29ea444

Result

Threat name:

Bazar Loader

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/806909

Signature

Sigma detected: CobaltStrike Load by Rundll32

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Yara detected Bazar Loader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf/

Threat name:

Win64.Trojan.Mozaakai

Status:

Malicious

First seen:

2021-06-23 22:04:19 UTC

AV detection:

5 of 29 (17.24%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

1a82ee0d5a11d5431581aa185cee32ab29103083a65e5ddaffed04809b16137c

3c91963b604f32bb0fb91c2dc8771cfb86ef5ecbebb145e3515bdf5779972455

447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8

461e6f9d0bff2b46c77cb78d2d885570b4f75a5b3b9d6ed9b01193970ccf24d1

6c6939f72d85a8d97f4aa81c53d02dccca16e6deff4a2a3eb017ea374713aace

889e728a55b58b3a124d38610a30ae07150f78ca900dbef4fc15120ea49ec593

b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417

bd22fdab541d4517cbf4b96b1986cd370ffc2532392a5b1801c819f67099f9da

dbd56f0dc20aec5289e993087b32a9485ccea4ae9796c58c008eb946d7646a94

e6f0206d99bc279a062e055582e2c452500d7067968e9de186d7d78ed158271d

+ 16 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210623-frb6s9nxwx/

Behaviour

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Blocklisted process makes network request

Unpacked files

SH256 hash:

f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf

MD5 hash:

b493ed4f28c3905c79cbcaab20e4a7da

SHA1 hash:

d0288cff95d3c612e6986b1342fd31ff068e93e3

Link:

https://www.unpac.me/results/d7c7b1d4-f5c8-4f61-9a5d-2e0f1e38dadd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample